Cyber Security. What is cyber security? What are the risks? What can we do?

Transcription

1 Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. What is cyber security? It seems that everything relies on computers and the internet now communication ( , cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of our daily life relies on computers? How much of our personal information is stored either on our own computer or on someone else's system? Cyber security involves protecting that information by preventing, detecting, and responding to attacks. What are the risks? There are many risks, some more serious than others. Among these dangers are viruses erasing our entire system, someone breaking into our system and altering files, someone using our computer to attack others, or someone stealing our credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to us, but there are steps we can take to minimize the chances. What can we do? The first step in protecting ourself is to recognize the risks and become familiar with some of the terminology associated with them. Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information). Malicious code - Malicious code, sometimes called malware, is a broad category that includes any code that could be used to attack our computer. Malicious code can have the following characteristics:

2 It might require to actually do something before it infects our computer. This action could be opening an attachment or going to a particular web page. Some forms propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim computer has been infected, the malicious code will attempt to find and infect other computers. This code can also propagate via , websites, or network-based software. Some malicious code claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up our computer may actually be sending confidential information to a remote intruder. Viruses and worms are examples of malicious code. Vulnerability - In most cases, vulnerabilities are caused by programming errors in software. Attackers might be able to take advantage of these errors to infect our computer, so it is important to apply updates or patches that address known vulnerabilities. What are patches? Similar to the way fabric patches are used to repair holes in clothing, software patches repair holes in software programs. Patches are updates that fix a particular problem or vulnerability within a program. Sometimes, instead of just releasing a patch, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch. How do you find out what patches you need to install? When patches are available, vendors usually put them on their websites for users to download. It is important to install a patch as soon as possible to protect our computer from attackers who would take advantage of the vulnerability. Attackers may target vulnerabilities for months or even years after patches are available. Some software will automatically check for updates, and many vendors offer users the option to receive automatic notification of updates through a mailing list. If these automatic options are available. Make sure that we only download software or patches from websites that we trust. Do not trust a link in an .

3 Why is it important to remember that the internet is public? Because the internet is so accessible and contains a wealth of information, it has become a popular resource for communicating, for researching topics, and for finding information about people. It may seem less intimidating than actually interacting with other people because there is a sense of anonymity. However, we are not really anonymous when we are online, and it is just as easy for people to find information about us as it is for us to find information about them. Unfortunately, many people have become so familiar and comfortable with the internet that they may adopt practices that make them vulnerable. For example, although people are typically wary of sharing personal information with strangers they meet on the street, they may not hesitate to post that same information online. Once it is online, it can be accessed by a world of strangers, and we have no idea what they might do with that information. What guidelines can we follow when publishing information on the internet? View the internet as a novel, not a diary - Make sure we are comfortable with anyone seeing the information we put online. Expect that people we have never met will find our page; even if we are keeping an online journal or blog, write it with the expectation that it is available for public consumption. Some sites may use passwords or other security restrictions to protect the information, but these methods are not usually used for most websites. If we want the information to be private or restricted to a small, select group of people, the internet is probably not the best forum. Be careful what we advertise - In the past, it was difficult to find information about people other than their phone numbers or address. Now, an increasing amount of personal information is available online, especially because people are creating personal web pages with information about themselves. When deciding how much information to reveal, realize that we are broadcasting it to the world. Supplying our address may increase the amount of spam we receive. Providing details about our hobbies, our job, our family and friends, and our past may give attackers enough information to perform a successful social engineering. Realize that we can't take it back - Once we publish something online, it is available to other people and to search engines. we can change or remove information after something has been published, but it is possible that someone has already seen the original version. Even if we try to remove the page(s) from the internet, someone may have saved a copy of the page or used excerpts in another source. Some search engines "cache" copies of web pages; these cached copies may be available after a web page has been deleted or altered. Some web

4 browsers may also maintain a cache of the web pages a user has visited, so the original version may be stored in a temporary file on the user's computer. Think about these implications before publishing information once something is out there, we can't guarantee that we can completely remove it. As a general practice, let our common sense guide our decisions about what to post online. Before we publish something on the internet, determine what value it provides and consider the implications of having the information available to the public. Identity theft is an increasing problem, and the more information an attacker can gather about us, the easier it is to pretend to be us. Behave online the way we would behave in our daily life, especially when it involves taking precautions to protect ourself. What is an ISP? An ISP, or internet service provider, is a company that provides its customers access to the internet and other web services. In addition to maintaining a direct line to the internet, the company usually maintains web servers. By supplying necessary software, a password-protected user account, and a way to connect to the internet (e.g., modem), ISPs offer their customers the capability to browse the web and exchange with other people. Some ISPs also offer additional services. With the development of smart phones, many cell phone providers are also ISPs. ISPs can vary in size some are operated by one individual, while others are large corporations. They may also vary in scope some only support users in a particular city, while others have regional or national capabilities. What services do ISPs provide? Almost all ISPs offer and web browsing capabilities. They also offer varying degrees of user support, usually in the form of an address or customer support hotline. Most ISPs also offer web hosting capabilities, allowing users to create and maintain personal web pages; and some may even offer the service of developing the pages for us. Some ISPs bundle internet service with other services, such as television and telephone service. Many ISPs offer a wireless modem as part of their service so that customers can use devices equipped with Wi-Fi. As part of normal operation, most ISPs perform backups of and web files. If the ability to recover and web files is important to us, check with our ISP to see if they back up the data; it might not be advertised as a service. Additionally, most ISPs implement firewalls to block some portion of incoming traffic, although we should consider this a supplement to our own security precautions, not a replacement. Understanding Firewalls

5 What do firewalls do? Firewalls provide protection against outside attackers by shielding our computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. What type of firewall is best? Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type we use. Hardware - Typically called network firewalls, these external devices are positioned between our computer or network and our cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called "routers" that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If we only have one computer behind the firewall, or if we are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, we may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost. Software - Some operating systems include a built-in firewall; if ours does, consider enabling it to add another layer of protection even if we have an external firewall. If we don't have a built-in firewall, we can obtain a software firewall for relatively little or no cost from our local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD or DVD. If we do download software from the Internet, make sure it is a reputable, secure website. Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information we are trying to protect may hinder the firewall's ability to catch malicious traffic before it enters our system. How do we know what configuration settings to apply? Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, we will need to read and understand the documentation that comes with it to determine whether or not the default settings on our firewall are sufficient for

6 our needs. Additional assistance may be available from our firewall vendor or our ISP. Also, alerts about current viruses or worms Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don't be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that our computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having we run the infected program on our computer, as many -borne viruses do. However, using a firewall in conjunction with other protective measures (such as antivirus software and "safe" computing practices) will strengthen our resistance to attacks. How do we choose an ISP? Traditional, broadband ISPs typically offer internet access through cable, DSL, or fiberoptic options. The availability of these options may depend where we live. In addition to the type of access, there are other factors that we may want to consider: security - Do we feel that the ISP is concerned about security? Does it use encryption and SSL to protect any information we submit (e.g., user name, password)? If the ISP provides a wireless modem, what wireless security standards does it support, and are those standards compatible with our existing devices? privacy - Does the ISP have a published privacy policy? Are we comfortable with who has access to our information and how it is being handled and used? services - Does our ISP offer the services we want? Do they meet our requirements? Is there adequate support for the services? If the ISP provides a wireless modem, are its wireless standards compatible with our existing devices? cost - Are the ISP's costs affordable? Are they reasonable for the number of services we receive, as well as the level of those services? Are we sacrificing quality and security to get the lowest price? reliability - Are the services our ISP provides reliable, or are they frequently unavailable due to maintenance, security problems, a high volume of users, or other reasons? If the ISP knows that services will be unavailable for a particular reason, does it adequately communicate that information? user support - Are there published methods for contacting customer support? Do we receive prompt and friendly service? Do their hours of availability accommodate our needs? Do the consultants have the appropriate level of knowledge? speed - How fast is our ISP's connection? Is it sufficient for accessing our or navigating the internet?

7 recommendations - Have we heard or seen positive reviews about the ISP? Were they from trusted sources? Does the ISP serve our geographic area? If we have uncovered negative points, are they factors we are concerned about?

8 General Security Choosing and Protecting Passwords Why do you need a password? Think about the number of personal identification numbers (PINs), passwords, or passphrases we use every day: getting money from the ATM or using our debit card in a store, logging on to our computer or , signing in to an online bank account or shopping cart...the list seems to just keep getting longer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, and maybe we have wondered if all of the fuss is worth it. After all, what attacker cares about our personal account, right? Or why would someone bother with our practically empty bank account when there are others with much more money? Often, an attack is not specifically about our account but about using the access to our information to launch a larger attack. And while having someone gain access to our personal might not seem like much more than an inconvenience and threat to our privacy. One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that someone is the person they claim to be is the next step, and this authentication process is even more important, and more difficult, in the cyber world. Passwords are the most common means of authentication, but if we don't choose good passwords or keep them confidential, they're almost as ineffective as not having any password at all. Many systems and services have been successfully broken into due to the use of insecure and inadequate passwords, and some viruses and worms have exploited systems by guessing weak passwords. How do you choose a good password? Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or "crack" them. Consider a four-digit PIN number is our a combination of the month, day, or year of our birthday? Or our address or phone number? Think about how easily it is to find this information out about somebody. What about our password is it a word that can be found in the dictionary? If so, it may be susceptible to "dictionary" attacks, which attempt to guess passwords based on words in the dictionary. Although intentionally misspelling a word ("daytt" instead of "date") may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, to help us remember how to decode it. For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using both lowercase and capital letters adds another layer of obscurity. Our best defense, though, is to use a combination of numbers, special characters, and both lowercase and capital letters. Change the same example we used above to

9 "Il!2pBb." and see how much more complicated it has become just by adding numbers and special characters. Longer passwords are more secure than shorter ones because there are more characters to guess, so consider using passphrases when we can. For example, "This passwd is 4 my !" would be a strong password because it has many characters and includes lowercase and capital letters, numbers, and special characters. We may need to try different variations of a passphrase many applications limit the length of passwords, and some do not accept spaces. Avoid common phrases, famous quotations, and song lyrics. Don't assume that now that we have developed a strong password we should use it for every system or program we log into. If an attacker does guess it, he would have access to all of our accounts. We should use these techniques to develop unique passwords for each of our accounts. Here is a review of tactics to use when choosing a password: Don't use passwords that are based on personal information that can be easily accessed or guessed. Don't use words that can be found in any dictionary of any language. Develop a mnemonic for remembering complex passwords. Use both lowercase and capital letters. Use a combination of letters, numbers, and special characters. Use passphrases when we can. Use different passwords on different systems. How can you protect we password? Now that we have chosen a password that's difficult to guess, we have to make sure not to leave it someplace for people to find. Writing it down and leaving it in our desk, next to our computer, or, worse, taped to our computer, is just making it easy for someone who has physical access to our office. Don't tell anyone our passwords, and watch for attackers trying to trick us through phone calls or messages requesting that we reveal our. If our internet service provider (ISP) offers choices of authentication systems, look for ones that use Kerberos, challenge/response, or public key encryption rather than simple passwords. Consider challenging service providers that only use passwords to adopt more secure methods. Also, many programs offer the option of "remembering" our password, but these programs have varying degrees of security protecting that information. Some programs, such as clients, store the information in clear text in a file on our computer. This means that anyone with access to our computer can discover all of our passwords and can gain access to our information. For this reason, always remember to log out when we are using a public computer (at the library, an internet cafe, or even a shared computer at our office). Other programs, such as Apple's Keychain and Palm's Secure

10 Desktop, use strong encryption to protect the information. These types of programs may be viable options for managing our passwords if we find we have too many to remember. There's no guarantee that these techniques will prevent an attacker from learning our password, but they will make it more difficult. Coordinating Virus and Spyware Defense Isn't it better to have more protection? Spyware and viruses can interfere with our computer's ability to process information or can modify or destroy data. We may feel that the more anti-virus and anti-spyware programs we install on your computer, the safer we will be. It is true that not all programs are equally effective, and they will not all detect the same malicious code. However, by installing multiple programs in an attempt to catch everything, we may introduce problems. How can anti-virus or anti-spyware software cause problems? It is important to use anti-virus and anti-spyware software. But too much or the wrong kind can affect the performance of our computer and the effectiveness of the software itself. Scanning our computer for viruses and spyware uses some of the available memory on our computer. If we have multiple programs trying to scan at the same time, we may limit the amount of resources left to perform our tasks. Essentially, we have created a denial of service against ourself. It is also possible that in the process of scanning for viruses and spyware, anti-virus or anti-spyware software may misinterpret the virus definitions of other programs. Instead of recognizing them as definitions, the software may interpret the definitions as actual malicious code. Not only could this result in false positives for the presence of viruses or spyware, but the anti-virus or anti-spyware software may actually quarantine or delete the other software. How can we avoid these problems? Investigate our options in advance - Research available anti-virus and antispyware software to determine the best choice for us. Consider the amount of malicious code the software recognizes, and try to find out how frequently the virus definitions are updated. Also check for known compatibility issues with other software we may be running on our computer. Limit the number of programs we install - Many vendors are now releasing packages that incorporate both anti-virus and anti-spyware capabilities together.

11 However, if we decide to choose separate programs, we really only need one antivirus program and one anti-spyware program. If we install more, we increase our risk for problems. Install the software in phases - Install the anti-virus software first and test it for a few days before installing anti-spyware software. If problems develop, we have a better chance at isolating the source and then determining if it is an issue with the software itself or with compatibility. Watch for problems - If our computer starts processing requests more slowly, we are seeing error messages when updating our virus definitions, our software does not seem to be recognizing malicious code, or other issues develop that cannot be easily explained, check our anti-virus and anti-spyware software. Debunking Some Common Myths How are these myths established? There is no one cause for these myths. They may have been formed because of a lack of information, an assumption, knowledge of a specific case that was then generalized, or some other source. As with any myth, they are passed from one individual to another, usually because they seem legitimate enough to be true. Why is it important to know the truth? While believing these myths may not present a direct threat, they may cause us to be more lax about our security habits. If we are not diligent about protecting ourself, we may be more likely to become a victim of an attack. What are some common myths, and what is the truth behind them? Myth: Anti-virus software and firewalls are 100% effective. Truth: Anti-virus software and firewalls are important elements to protecting our information. However, neither of these elements are guaranteed to protect us from an attack. Combining these technologies with good security habits is the best way to reduce our risk. Myth: Once software is installed on our computer, we do not have to worry about it anymore. Truth: Vendors may release updated versions of software to address problems or fix vulnerabilities. We should install the updates as soon as possible; some software even offers the option to obtain updates automatically. Making sure that we have the latest virus definitions for our anti-virus software is especially important. Myth: There is nothing important on our machine, so we do not need to protect it.

12 Truth: Our opinion about what is important may differ from an attacker's opinion. If we have personal or financial data on our computer, attackers may be able to collect it and use it for their own financial gain. Even if we do not store that kind of information on our computer, an attacker who can gain control of our computer may be able to use it in attacks against other people. Myth: Attackers only target people with money. Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If our information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to our credit information so that we can minimize any potential damage. Myth: When computers slow down, it means that they are old and should be replaced. Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but we may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other processes or programs running in the background. If our computer has suddenly become slower, it may be compromised by malware or spyware, or we may be experiencing a denial-ofservice attack. Good Security Habits How can we minimize the access other people have to our information? We may be able to easily identify people who could, legitimately or not, gain physical access to our computer family members, roommates, co-workers, members of a cleaning crew, and maybe others. Identifying the people who could gain remote access to our computer becomes much more difficult. As long as we have a computer and connect it to a network, we are vulnerable to someone or something else accessing or corrupting our information; however, we can develop habits that make it more difficult. Lock our computer when we are away from it. Even if we only step away from our computer for a few minutes, it's enough time for someone else to destroy or corrupt our information. Locking our computer prevents another person from being able to simply sit down at our computer and access all of our information. Disconnect our computer from the Internet when we aren't using it. The development of technologies such as DSL and cable modems have made it possible for users to be online all the time, but this convenience comes with risks. The likelihood that attackers or viruses scanning the network for available computers will target our computer becomes much higher if our computer is always

13 connected. Depending on what method we use to connect to the Internet, disconnecting may mean disabling a wireless connection, turning off our computer or modem, or disconnecting cables. When we are connected, make sure that we have a firewall enabled. Evaluate our security settings. Most software, including browsers and programs, offers a variety of features that we can tailor to meet our needs and requirements. Enabling certain features to increase convenience or functionality may leave us more vulnerable to being attacked. It is important to examine the settings, particularly the security settings, and select options that meet our needs without putting us at increased risk. If we install a patch or a new version of the software, or if we hear of something that might affect our settings, re-evaluate our settings to make sure they are still appropriate. What other steps can you take? Sometimes the threats to our information aren't from other people but from natural or technological causes. Although there is no way to control or prevent these problems, we can prepare for them and try to minimize the damage. Protect our computer against power surges and brief outages. Aside from providing outlets to plug in our computer and all of its peripherals, some power strips protect our computer against power surges. Many power strips now advertise compensation if they do not effectively protect our computer. Power strips alone will not protect us from power outages, but there are products that do offer an uninterruptible power supply when there are power surges or outages. During a lightning storm or construction work that increases the odds of power surges, consider shutting our computer down and unplugging it from all power sources. Back up all of our data. Whether or not we take steps to protect ourself, there will always be a possibility that something will happen to destroy our data. We have probably already experienced this at least once losing one or more files due to an accident, a virus or worm, a natural event, or a problem with our equipment. Regularly backing up our data on a CD or network reduces the stress and other negative consequences that result from losing important information. Determining how often to back up our data is a personal decision. If we are constantly adding or changing data, we may find weekly backups to be the best alternative; if our content rarely changes, we may decide that our backups do not need to be as frequent. We don't need to back up software that we own on CD- ROM or DVD-ROM we can reinstall the software from the original media if necessary.

14 Keeping Children Safe Online Cyber Security What unique risks are associated with children? When a child is using our computer, normal safeguards and security practices may not be sufficient. Children present additional challenges because of their natural characteristics: innocence, curiosity, desire for independence, and fear of punishment. We need to consider these characteristics when determining how to protect our data and the child. We may think that because the child is only playing a game, or researching a term paper, or typing a homework assignment, he or she can't cause any harm. But what if, when saving her paper, the child deletes a necessary program file? Or what if she unintentionally visits a malicious web page that infects our computer with a virus? These are just two possible scenarios. Mistakes happen, but the child may not realize what she's done or may not tell us what happened because she's afraid of getting punished. Online predators present another significant threat, particularly to children. Because the nature of the internet is so anonymous, it is easy for people to misrepresent themselves and manipulate or trick other users. Adults often fall victim to these ploys, and children, who are usually much more open and trusting, are even easier targets. Another growing problem is cyberbullying. These threats are even greater if a child has access to or instant messaging programs, visits chat rooms, and/or uses social networking sites. What can you do? Be involved - Consider activities we can work on together, whether it be playing a game, researching a topic we had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow us to supervise our child's online activities while teaching her good computer habits. Keep our computer in an open area - If our computer is in a high-traffic area, we will be able to easily monitor the computer activity. Not only does this accessibility deter a child from doing something she knows she's not allowed to do, it also gives us the opportunity to intervene if we notice a behavior that could have negative consequences. Set rules and warn about dangers - Make sure our child knows the boundaries of what she is allowed to do on the computer. These boundaries should be appropriate for the child's age, knowledge, and maturity, but they may include rules about how long she is allowed to be on the computer, what sites she is allowed to visit, what software programs she can use, and what tasks or activities she is allowed to do. We should also talk to children about the dangers of the internet so that they recognize suspicious behavior or activity. Discuss the risks of sharing certain types of information (e.g., that they're home alone) and the benefits to only communicating and sharing information with people they know.

15 Monitor computer activity - Be aware of what our child is doing on the computer, including which websites she is visiting. If she is using , instant messaging, or chat rooms, try to get a sense of who she is corresponding with and whether she actually knows them. Keep lines of communication open - Let our child know that she can approach us with any questions or concerns about behaviors or problems she may have encountered on the computer. Consider partitioning our computer into separate accounts - Most operating systems give us the option of creating a different user account for each user. If we are worried that our child may accidentally access, modify, and/or delete our files, we can give her a separate account and decrease the amount of access and number of privileges she has. If we don't have separate accounts, we need to be especially careful about our security settings. In addition to limiting functionality within our browser, avoid letting our browser remember passwords and other personal information. Also, it is always important to keep our virus definitions up to. Consider implementing parental controls - We may be able to set some parental controls within our browser. For example, Internet Explorer allows us to restrict or allow certain websites to be viewed on our computer, and we can protect these settings with a password. To find those options, click Tools on our menu bar, select Internet Options, choose the Content tab, and click the Enable... button under Content Advisor. There are other resources we can use to control and/or monitor our child's online activity. Some ISPs offer services designed to protect children online. Contact our ISP to see if any of these services are available. There are also special software programs we can install on our computer. Different programs offer different features and capabilities, so we can find one that best suits our needs. Real-World Warnings Keep us Safe Online Why are these warnings important? Like the real world, technology and the internet present dangers as well as benefits. Equipment fails, attackers may target us, and mistakes and poor judgment happen. Just as we take precautions to protect ourself in the real world, we need to take precautions to protect ourself online. For many users, computers and the internet are unfamiliar and intimidating, so it is appropriate to approach them the same way we urge children to approach the real world.

16 What are some warnings to remember? Don't trust candy from strangers - Finding something on the internet does not guarantee that it is true. Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable. It is also easy for attackers to "spoof" addresses, so verify that an is legitimate before opening an unexpected attachment or responding to a request for personal information. If it sounds too good to be true, it probably is - We have probably seen many s promising fantastic rewards or monetary gifts. However, regardless of what the claims, there are not any wealthy strangers desperate to send us money. Beware of grand promises they are most likely spam, hoaxes, or phishing schemes. Also be wary of pop-up windows and advertisements for free downloadable software they may be disguising spyware. Don't advertise that we are away from home - Some accounts, especially within an organization, offer a feature (called an autoresponder) that allows us to create an "away" message if we are going to be away from our for an extended period of time. The message is automatically sent to anyone who s us while the autoresponder is enabled. While this is a helpful feature for letting our contacts know that we will not be able to respond right away, be careful how we phrase our message. We do not want to let potential attackers know that we are not home, or, worse, givespecific details about our location and itinerary. Safer options include phrases such as "I will not have access to between [date] and [date]." If possible, also restrict the recipients of the message to people within our organization or in our address book. If our away message replies to spam, it only confirms that our account is active. This may increase the amount of spam we receive. Lock up our valuables - If an attacker is able to access our personal data, he or she may be able to compromise or steal the information. Take steps to protect this information by following good security practices. Some of the most basic precautions include locking our computer when we step away; using firewalls, antivirus software, and strong passwords; installing appropriate software updates; and taking precautions when browsing or using . Have a backup plan - Since our information could be lost or compromised (due to an equipment malfunction, an error, or an attack), make regular backups of our information so that we still have clean, complete copies. Backups also help us identify what has been changed or lost. If our computer has been infected, it is important to remove the infection before resuming our work. Keep in mind that if we did not realize that our computer was infected, our backups may also be compromised.

17 Safeguarding Our Data Why isn't "more" better? Maybe there is an extra software program included with a program we bought. Or perhaps we found a free download online. We may be tempted to install the programs just because we can, or because we think we might use them later. However, even if the source and the software are legitimate, there may be hidden risks. And if other people use our computer, there are additional risks. These risks become especially important if we use our computer to manage our personal finances (banking, taxes, online bill payment, etc.), store sensitive personal data, or perform work-related activities away from the office. However, there are steps we can take to protect ourself. How can we protect both our personal and work-related data? Use and maintain anti-virus software and a firewall - Protect ourself against viruses and Trojan horses that may steal or modify the data on our own computer and leave us vulnerable by using anti-virus software and a firewall. Make sure to keep our virus definitions up to date. Regularly scan our computer for spyware - Spyware or adware hidden in software programs may affect the performance of our computer and give attackers access to our data. Use a legitimate anti-spyware program to scan our computer and remove any of these files. Many anti-virus products have incorporated spyware detection. Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, we should turn it on. Evaluate our software's settings - The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access our computer. It is especially important to check the settings for software that connects to the internet (browsers, clients, etc.). Apply the highest level of security available that still gives us the functionality we need. Avoid unused software programs - Do not clutter our computer with unnecessary software programs. If we have programs on our computer that we do not use, consider uninstalling them. In addition to consuming system resources, these programs may contain vulnerabilities that, if not patched, may allow an attacker to access our computer. Consider creating separate user accounts - If there are other people using our computer, we may be worried that someone else may accidentally access, modify,

18 and/or delete our files. Most operating systems (including Windows XP and Vista, Mac OS X, and Linux) give us the option of creating a different user account for each user, and we can set the amount of access and privileges for each account. We may also choose to have separate accounts for our work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection. However, it will not protect our computer against vulnerabilities that give an attacker administrative privileges. Ideally, we will have separate computers for work and personal use; this will offer a different type of protection. Establish guidelines for computer use - If there are multiple people using our computer, especially children, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect our data. Use passwords and encrypt sensitive files - Passwords and other security features add layers of protection if used appropriately. By encrypting files, we ensure that unauthorized people can't view data even if they can physically access it. We may also want to consider options for full disk encryption, which prevents a thief from even starting our laptop without a passphrase. When we use encryption, it is important to remember our passwords and passphrases; if we forget or lose them, we may lose our data. Follow corporate policies for handling and storing work-related information - If we use our computer for work-related purposes, make sure to follow any corporate policies for handling and storing the information. These policies were likely established to protect proprietary information and customer data, as well as to protect us and the company from liability. Even if it is not explicitly stated in our corporate policy, we should avoid allowing other people, including family members, to use a computer that contains corporate data. Dispose of sensitive information properly - Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that we adequately erase sensitive files. Understanding Anti-Virus Software What does anti-virus software do? Although details may vary between packages, anti-virus software scans files or our computer's memory for certain patterns that may indicate an infection. The patterns it looks for are based on the signatures, or definitions, of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that we have the latest definitions installed on our computer. Once we have installed an anti-virus package, we should scan our entire computer periodically.

19 Automatic scans - Depending what software we choose, we may be able to configure it to automatically scan specific files or directories and prompt us at set intervals to perform complete scans. Manual scans - It is also a good idea to manually scan files we receive from an outside source before opening them. This includes saving and scanning attachments or web downloads rather than selecting the option to open them directly from the source scanning media, including CDs and DVDs, for viruses before opening any of the files What happens if the software finds a virus? Each package has its own method of response when it locates a virus, and the response may differ according to whether the software locates the virus during an automatic or a manual scan. Sometimes the software will produce a dialog box alerting us that it has found a virus and asking whether we want it to "clean" the file (to remove the virus). In other cases, the software may attempt to remove the virus without asking us first. When we select an anti-virus package, familiarize ourself with its features so we know what to expect. Which software should we use? There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. All anti-virus software performs the same function, so our decision may be driven by recommendations, particular features, availability, or price. Installing any anti-virus software, regardless of which package we choose, increases our level of protection. Be careful, though, of messages claiming to include antivirus software. These messages, supposedly from our ISP's technical support department, contain an attachment that claims to be anti-virus software. However, the attachment itself is in fact a virus, so we could become infected by opening. How do we get the current virus information? This process may differ depending what product we choose, so find out what our antivirus software requires. Many anti-virus packages include an option to automatically receive updated virus definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing chain letters that claim that a well-known anti-virus vendor has recently detected the "worst virus in history" that will destroy our computer's hard drive. These s are usually hoaxes. We can confirm virus information through our anti-virus vendor or through resources offered by other anti-virus vendors. While installing anti-virus software is one of the easiest and most effective ways to protect our computer, it has its limitations. Because it relies on signatures, anti-virus

20 software can only detect viruses that have signatures installed on our computer, so it is important to keep these signatures up to date. Attacks and Threats Recognizing Fake Antiviruses What is fake antivirus? Fake antivirus is malicious software (malware) designed to steal information from unsuspecting users by mimicking legitimate security software. The malware makes numerous system modifications making it extremely difficult to terminate unauthorized activities and remove the program. It also causes realistic, interactive security warnings to be displayed to the computer user. How can our computer become infected with fake antivirus? Criminals distribute this type of malware using search engines, s, social networking sites, internet advertisements and other malware. They leverage advanced social engineering methodologies and popular technologies to maximize number of infected computers. How will we know if we are infected? The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection. What can we do to protect oueself? Be cautious when visiting web links or opening attachments from unknown senders. Keep software patched and updated. To purchase or renew software subscriptions, visit the vendor sites directly. Monitor our credit cards for unauthorized activity. To report Internet crime or fraud, contact the Internet Crime Complaint Center (

21 Avoiding the Pitfalls of Online Trading What is online trading? Online trading allows us to conduct investment transactions over the internet. The accessibility of the internet makes it possible for us to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) we have to devote to managing these accounts and transactions. What are the risks? Recognizing the importance of safeguarding our money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage's database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code. Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks. With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince us to provide them with financial information that they can then use or sell. How can we protect ourself? Be wary of online information - Anyone can publish information on the internet, so try to verify any online research through other methods before investing any money. Also be cautious of "hot" investment opportunities advertised online or in . Check privacy policies - Before providing personal or financial information, check the website's privacy policy. Make sure we understand how our information will be stored and used. Conduct transactions on devices we control - Avoid conducting transactions on public resources such as internet kiosks, computers in places like libraries, and other shared computers and devices. Other users may introduce security risks. Make sure that our transactions are encrypted - When information is sent over the internet, attackers may be able to intercept it. Encryption prevents the attackers from being able to view the information.